Tuesday, August 6, 2013

It was reported earlier this week that the FBI won a great victory by stopping the largest child porn distributor on the Internet. The FBI's victory lap was cut short when some of the details of how they did it were more closely examined.

What the FBI actually did was seize a hosting service on the hidden TOR Network. The owner of that hosting service, Freedom Hosting, was not directly involved in the production or distribution of child porn; he provided anonymous hosting that was used by pedophile pornographers.

The bigger question became how the FBI penetrated the supposedly anonymous TOR Network. That's where the story gets interesting.

TOR, short for The Onion Router, was originally developed by the Naval Research Laboratory to provide an anonymous secondary internetwork for the government to use. Supposedly the project was abandoned by the Navy, only to be picked up by open-source volunteers who now run the Tor Project.

Despite its beginnings as a government project, most believe TOR to be the best current option for online anonymity. But does this recent compromise of TOR reveal that it's also part of the surveillance grid? The long answer is complicated, but the short answer is no.

First, the NSA has been identified as the source of the malware used to take down Freedom Hosting, not the FBI, which claimed victory in the investigation and apprehension.

Arstechnica writes:

Malware planted on the servers of Freedom Hosting—the "hidden service" hosting provider on the Tor anonymized network brought down late last week—may have de-anonymized visitors to the sites running on that service. This issue could send identifying information about site visitors to an Internet Protocol address that was hard-coded into the script the malware injected into browsers. And it appears the IP address in question belongs to the National Security Agency (NSA).

Continued from Arstechnica:

Initial investigations traced the address to defense contractor SAIC, which provides a wide range of information technology and C4ISR (Command, Control, Communications, Computers, Intelligence, Surveillance, and Reconnaissance) support to the Department of Defense. The geolocation of the IP address corresponds to an SAIC facility in Arlington, Virginia.

Further analysis using a DNS record tool from Robtex found that the address was actually part of several blocks of IP addresses allocated by SAIC to the NSA. This immediately spooked the researchers.

Two things are important to note about this revelation. First, it should be telling that the NSA had to resort to using a malware weapon instead of the way it normally collects and decodes Internet traffic, which still can't be done on TOR. Second, the open-source nature of TOR provided clear evidence of the breach and who caused it.

The TOR Project identified the specific problem and suggested that people who desire privacy must get the patched version of the TOR Browser Bundle, stop using Windows, and disable JavaScript. If your Windows OS is compromised, which it clearly is, it doesn't much matter how you sign in to the Internet. And, according to TOR, JavaScript was used by the NSA to breach an older version of the TOR Browser Bundle.

Some feel this entire attack is more about scaring people away from using privacy tools such as TOR than it is about fighting child porn because no actual pornographers were caught. They remained anonymous. TOR is still considered secure if used properly.

Does anyone see a pattern of abuse forming yet? The government is illegally collecting, sharing and using our private data to drum up suspicion of criminal activity, and then acting on it.

They're hoping headlines like "taking down the world's largest child porn dealer" will justify crushing Internet freedom and privacy. Expect more victory laps by the FBI or DEA, and the NSA catching more "credible threats". Keeping us safe, one privacy breach at a time.

12 comments:

With NSA's resources a brute-force approach may have been feasible. Deep packet inspection wouldn't work, so any analysis would be based on timing, packet size, destination and origin. Perhaps upload a unique file to any of the hidden sites, then connect a thousand clients from different IPs and track their traffic, latency etc. Even with just the metadata (obtained through mirroring backbone traffic) with enough time it would be possible to find out who's running the Yahoo equivalent of Tor.

That's assuming they didn't find a vulnerability in Freedom Hosting itself - keep in mind this operation already included the use of one 0day.

Chances are they vanned the Freedom Hosting admin and during his absence installed their own dial-home program.

Also, the IP points straight back to the NSA. That's the malware equivalent of saving passwords as plaintext: you don't generally do that, but when you do, you do it explicitly and with a purpose.

And the purpose here is to build a dossier of incriminating materials on possible future thoughtcriminals as well as to spread fear and panic.

So the proper response would be to keep calm and carry on, paying more attention to security.

@ Anonymous ... August 7, 2013 at 8:05 PM: Put down the Coca-Cola, and Big Mac with Fries, and recover your brain. These days, information on alternative O/Ss is easy to find. Pull your finger out and act!

These are all military inventions to spread disinformation to the general public. TOR was a Trojan horse designed to be abandoned and taken by people that wanted a complete package deal (aka a free, ready-built web site). Obviously they left a wide open back door. That way users could take administrative controls but still be just a user within the program. It doesn't amaze me that the greedy would grab an intelligence agency's computer program and think that it's safe to use freely.
